Data Protection

PRIVACY STATEMENT

Protection of your personal data is important to us, which is why we wish to provide you as clearly and precisely as possible with information regarding the respective contact options and data subject data.

To begin with, the following sets out the contact details of our data protection officer and options for encrypted contact. An explanation of the legal and technical terms used in the course of data protection is then provided, followed by an overview of data subject rights. Information regarding the respective controller is subsequently afforded, before rounding off with details of the technologies and services employed and how we handle data.

1 DATA PROTECTION OFFICER CONTACT INFORMATION

If you have any questions or would like information, please contact our external data protection officer at any time using the following contact details:

Email is our preferred contact option; however, you may of course contact the data protection officer by post or telephone. If you wish to encrypt your email to our data protection officer, we recommend that you read the following section.

Information regarding enquiries:

The receipt of email enquiries sent during regular business hours will be confirmed on the same day. If you do not receive confirmation, please contact us by telephone.

If you send a postal enquiry, confirmation of receipt will be sent to you on the day of delivery, or the day after delivery at the very latest. If you do not receive confirmation, please contact us by telephone.

1.1 ENCRYPTION OF EMAILS TO OUR DATA PROTECTION OFFICER

We advocate the use of encrypted email transmission. To safeguard confidentiality and integrity you are therefore provided with the opportunity to encrypt your enquiries to the data protection officer.

We use PGP encryption. Information on free options for use and set up is provided on the website of our data protection partner under the following link:

For further information on encryption please do not hesitate to contact our data protection officer.

2 TERMS WITHIN THE LEGAL CONTEXT

Prior to subsequent explanation of the legal framework, we would first like to clarify the respective terms:

2.1 EU GDPR (ALSO REFERRED TO AS GDPR)

The term EU GDPR (hereinafter also 'GDPR') refers to the General Data Protection Regulation. The GDPR is a fundamental regulation of the European Union that governs how personal data may be processed. For information purposes, the legal text of the GDPR can be viewed using the following link: https://eur-lex.europa.eu/legal-content/DE/TXT/?uri=CELEX:32016R0679

2.2 CONTROLLER

‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

2.3 PERSONAL DATA AND DATA SUBJECT

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

2.4 PROCESSING

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

2.5 RESTRICTION OF PROCESSING

‘Restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future.

2.6 PROCESSOR

‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

2.7 RECIPIENT

‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

2.8 THIRD PARTY

‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

2.9 CONSENT

‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

2.11 DATA CONCERNING HEALTH

‘Data concerning health’ means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.

2.12 ENTERPRISE

‘Enterprise’ means a natural or legal person engaged in an economic activity, irrespective of its legal form, including partnerships or associations regularly engaged in an economic activity.

2.13 SUPERVISORY AUTHORITY

‘Supervisory authority’ means an independent public authority which is established by a Member State pursuant to Article 51.

2.14 RELEVANT AND REASONED OBJECTION

‘Relevant and reasoned objection’ means an objection as to whether or not there is an infringement of this Regulation, or whether envisaged action in relation to the controller or processor complies with this Regulation, which clearly demonstrates the significance of the risks posed by the draft decision as regards the fundamental rights and freedoms of data subjects and, where applicable, the free flow of personal data within the Union.

3 TERMS WITHIN THE TECHNICAL CONTEXT

Prior to subsequent explanation of the technical framework, we would first like to clarify the respective terms:

3.1 FILING SYSTEM

‘Filing system’ means any structured set of personal data which is accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.

3.2 COOKIES

Cookies are text files which a website stores on your terminal device using your browser. These text files can be designed to facilitate technical functions such as a shopping cart mechanism, or may also be used to track your user behaviour, whereby the text files can be furnished with identification characteristics and additional information.

You can prevent the storage of cookies using the browser on your terminal device. Deactivation of cookies may, however, result in technical restrictions during use of the website.

3.3 SERVER LOGS

Server logs are log files created by the web server which document access to a website. The log entry can include a variety of information, such as time/date of access, browser type and the visitor IP address etc.

3.4 REFERRER

The referrer is the web page from which the controller website is accessed. As an example, the referrer can be determined in the server log.

4 RIGHTS OF THE DATA SUBJECT

Data subject rights are set out in the GDPR and the respective national data protection legal provisions. Should you wish to assert your rights, please contact our data protection officer using the contact details provided above. The following aims to inform you of your rights under the GDPR, specifically Section 3:

4.1 DUTY TO PROVIDE INFORMATION

The data subject has the right to information regarding their stored personal data where such data are collected from the data subject or where data have not been obtained from the data subject. The commensurate provisions are set out in Articles 13 and 14 GDPR.

4.2 RIGHT OF ACCESS

The data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning them are being processed; if that is the case, the data subject has the right to access information about the personal data in question as well as other information in accordance with Art. 15 GDPR.

4.3 RIGHT TO RECTIFICATION

The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.

Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

4.4 RIGHT TO ERASURE

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall be obliged to erase personal data without undue delay where one of the grounds pursuant to Art. 17 GDPR applies.

4.5 RIGHT TO RESTRICTION OF PROCESSING

The data subject shall have the right to obtain from the controller restriction of processing where one of the requirements pursuant to Art. 18 applies.

4.6 NOTIFICATION OBLIGATION

The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Art. 16, Art. 17 (1) and Art. 18 GDPR to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

The controller shall inform the data subject about those recipients if the data subject requests such.

4.7 RIGHT TO DATA PORTABILITY

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided.

4.8 RIGHT TO OBJECT

The data subject shall have the right to object at any time, on grounds relating to his or her particular situation, to processing of personal data concerning him or her which is based on point (e) or (f) of Article 6 (1), including profiling based on those provisions. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

4.9 COMPLAINT TO A SUPERVISORY AUTHORITY

In accordance with Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority. In general, the complaint can be lodged with the supervisory authority of your habitual residence or place of work or the domicile of the controller.

The supervisory authority with responsibility for our company is: State Data Protection and Freedom of Information Officer, Stuttgart.

5 INFORMATION ON THE CONTROLLER

6.1 ENCRYPTION OF DATA TRANSFER

We use the SSL (Secure Sockets Layer) method to encrypt data transfers and requests on our website. To this end, we apply 128-bit encryption with SHA256 hash.

In addition, we also employ appropriate technical and organisational security measures to protect your data against unintentional or intentional manipulation, total or partial loss, destruction or access by unauthorised persons. Our security measures are continually updated in accordance with technological advancements.

6.2 SERVER LOGS

Where your use of the website is purely for information, with no registration or submission of any other information, we collect solely the personal data transmitted by your browser to our server. If you wish to view our website, we will collect the following data technically required by us to display the website and ensure commensurate stability and security (legal basis is Art. 6 (1) (f) GDPR):

Anonymised IP address

Date and time of the request

Time zone difference to Greenwich Mean Time (GMT)

Contents of the request (specific page)

Access status/HTTP status code

Respectively transferred data quantity

Website from which the request originates (referrer)

Browser

Operating system and its interface

Language and version of browser software

6.3 COOKIES

When you use our website, cookies are placed on your computer. You can configure your browser settings according to preference and, for example, reject acceptance of third-party cookies or all cookies. Please note that this may mean you are unable to use all the functions of this website.

This website uses the following types of cookies, the extent and functions of which are described below:

Transient cookies

Persistent cookies

6.3.1 TRANSIENT COOKIES

Transient cookies are automatically deleted when you close your browser. These include in particular the session cookies. These save a so-called session ID, which can be used to allocate various requests of your browser to the joint session. This enables your computer to be recognised again when revisiting our website. The session cookies are deleted when you log out or close your browser.

6.3.2 PERSISTENT COOKIES

Persistent cookies are deleted automatically after a specified period which can vary depending on the cookie. You can delete the cookies in your browser's security settings at any time.

6.4 GOOGLE ANALYTICS

This website uses Google Analytics, a web analysis service provided by Google Inc ('Google'). Google Analytics uses so-called 'cookies', text files that are stored on your computer to enable analysis of your website usage. The information generated by the cookie concerning your use of this website will generally be forwarded to a Google server in the USA and stored there. Within member states of the European Union or other states that are party to the European Economic Area Agreement, if IP anonymisation is activated on this website Google will first truncate your IP address. Only in exceptional cases will the full IP address be passed to and truncated by Google on a server in the USA. On behalf of the operator of this website, Google will use this information to analyse your use of the website, create reports on website activity and provide additional services associated with use of the website and the Internet to the website operator.

You can prevent the storage of cookies by setting your browser software accordingly; however, please be aware that this may mean you are unable to use the full functionality of the website. You can also prevent the collection and processing by Google of data generated by the cookie regarding your use of the website (including your IP address) by downloading and installing the browser plug-in available under the following link: http://tools.google.com/dlpage/gaoptout?hl=de.

This website uses Google Analytics with the extension "anonymizeIp()". This allows IP addresses to be further shortened and processed, meaning they cannot be linked to a person. Should any data concerning you become personally identifiable, this action will be instantly precluded and the commensurate personal data immediately erased.

We use Google Analytics to analyse use of our website and facilitate regular improvement. The statistical information obtained is used to enhance our services and make them more appealing for you as the user. For the exceptional cases where personal data is transmitted to the USA, Google has agreed to comply with the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. Legal basis for the use of Google Analytics is provided under Art. 6 (1) (f) GDPR.

You can prevent the use of Google Analytics by activating the respective opt-out: Disable Google Analytics.

6.5 GOOGLE MAPS

This website uses the Google Maps service. This allows us to present you with interactive maps directly on the website and enables convenient use of the map function.

Upon visiting the website, Google receives information that you have retrieved the corresponding sub-page from our website. This occurs regardless of whether Google has furnished a user account which you are logged on to or whether no user account exists. If you are logged on to Google your data will be directly assigned to your account. To prevent assignment to your profile by Google you must first sign out. Google stores your data as a user profile and uses this profile for the purposes of advertising, market research and/or demand-oriented design of its website. Analysis of this kind is carried out (including for users not logged on), in particular, for the presentation of demand-oriented advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of this user profile; to exercise this right you will need to contact Google accordingly.

Further information on the purpose and extent of data collection and its processing by the plug-in provider can be obtained from the privacy statements of the provider. You will also find additional information regarding your commensurate rights and setting options for the protection of your privacy: www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has agreed to comply with the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework.

7 FORWARDING TO THIRD PARTIES

Your personal data are not transferred to third parties for any other purposes than those stated in the following.

We only share your personal data with third parties if:

You have expressly consented to such in accordance with Art. 6 (1) (a) GDPR,

disclosure in accordance with Art. 6 (1) (f) GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,

disclosure in accordance with Art. 6 (1) (f) GDPR is required by law, or

this is legally permissible and necessary in accordance with Art. 6 (1) (b) GDPR for the conclusion of contractual relations with you.